'Flame' Virus Fuels Political Heat Over Cyber Threats

New information about computer viruses shows how countries may be lining up to fight a cyberwar. The New York Times reported that former President George W. Bush and President Obama both authorized computer attacks against Iran, culminating in the Stuxnet virus, which targeted Iranian nuclear facilities.

Meanwhile, a United Nations agency raised alarms about another virus, dubbed "Flame," which may also have been designed for use against Iran.

The Flame virus was highlighted in a cybersecurity alert issued by the International Telecommunication Union, or ITU. Marco Obiso, the ITU's cybersecurity coordinator, says his organization noticed some malicious software spreading around the Middle East and asked Eugene Kaspersky, a Russian security consultant, to have his lab study the malware.

"There was this indication that there was this malware that was wiping out information in the Middle East," Obiso says. "So we asked Kaspersky Lab to further investigate, and then they discovered the Flame."

The ITU alert said the discovery of the Flame virus underscores the need for global collaboration to tackle cybersecurity threats.

Clear enough, but some skeptics are taking a more conspiratorial view of this story. They cite several points:

The ITU had never before issued a cybersecurity alert like this.

As a U.N. agency, the ITU has often reflected the interests of Russia and China, its two most influential members; the ITU has never called attention to cyberthreats emanating from those two countries.

The virus that got the ITU's attention, Flame, apparently targeted Iran, as Stuxnet also did. Suspicion immediately fell on the U.S. and Israel as the creators.

Kaspersky's analysis concluded Flame was created by a government, and he called it a highly sophisticated cyberweapon.

After studying descriptions of what the virus was said to do, cyber researcher Jeffrey Carr concluded that Kaspersky's analysis was, in Carr's words, "overblown," giving the Flame virus more attention than it warranted.

"Which, to me, lends credence to the possibility of this being politically motivated," Carr says.

One other point: Kaspersky, the ITU's main cybersecurity consultant, is himself close to the Russian government. He personally signed on to the ITU's cybersecurity alert on Flame. A U.S. security consultant anxious to be seen as politically independent might be reluctant to do that.

Carr, the author of Inside Cyber Warfare, says the Kaspersky endorsement highlighted the connection between Russia and the ITU.

"Kaspersky has been associated with Russian initiatives for years, and so it's not at all unusual coming from Russia," Carr says. "I don't know that we've ever seen such an endorsement here in the West."

A congressional hearing this week focused on the ITU and its ties to the Russian and Chinese governments. A senior State Department official and a member of the Federal Communications Commission both expressed alarm over those associations.

There is a lot to fuel suspicions, but the ITU's Obiso scoffs at the suggestion of any geopolitical significance to the ITU's new cybersecurity role.

"We are not interested in geopolitics," he says. "The fact that Kaspersky was there has nothing to do [with it being] a Russian company or an English company or an American company."

Perhaps. But the leadership of the ITU wants a so-called peace treaty for cyberspace under which some computer weapons would be outlawed. Russia has been the ITU's leading advocate in that regard; the United States would be directly affected.

Copyright 2013 NPR. To see more, visit http://www.npr.org/.

Transcript

SCOTT SIMON, HOST:

This is WEEKEND EDITION from NPR News. I'm Scott Simon. We learn more this week about how countries may be lining up to fight a cyberwar. The New York Times reported that Presidents Bush and Obama both authorized computer attacks against Iran culminating in the Stuxnet virus, which targeted Iranian nuclear facilities. Meanwhile, a U.N. agency raised alarms about another virus, dubbed Flame, which may also have been designed for use against Iran.

NPR's Tom Gjelten reports on what the developments may tell us about political division in the world of cyberwarfare.

TOM GJELTEN, BYLINE: The Flame virus was highlighted in a cybersecurity alert issued by the International Telecommunication Union. Marco Obiso, the I.T.U.'s cybersecurity coordinator, says his organization noticed some malicious software, malware, spreading around the Middle East and asked Eugene Kaspersky, a Russian security consultant, to have his lab study the malware.

MARCO OBISO: There was this indication that there was malware that was wiping out information in the Middle East. This is called wiper, eh? It's a wiping tool, basically. So we asked Kaspersky Lab to further investigate, and then they discovered the Flame.

GJELTEN: The I.T.U. alert said the discovery of the Flame virus underscored the need for global collaboration to tackle cybersecurity threats. Clear enough, but some skeptics are taking a more conspiratorial view of this story. They cite several points. One, the I.T.U. had never before issued a cybersecurity alert like this. Two, as a U.N. agency, the I.T.U. has often reflected the interests of Russia and China, its two most influential members.

The I.T.U. has never called attention to cyberthreats emanating from those two countries. Three, the virus that got the I.T.U.'s attention, Flame, apparently targeted Iran, as Stuxnet also did. Suspicion immediately fell on the U.S. and Israel as the creators. Kaspersky's analysis concluded Flame was created by a government and he called it a highly sophisticated cyberweapon.

After studying descriptions of what the virus was able to do, cyber researcher Jeffrey Carr concluded that Kaspersky's analysis was, in Carr's words, overblown, giving the Flame virus more attention than it warranted.

JEFFREY CARR: Which, to me, lends credence to the possibility of this being, you know, politically motivated.

GJELTEN: One other point: Eugene Kaspersky, the I.T.U.'s main cybersecurity consultant, is himself close to the Russian government. He personally signed on to the I.T.U.'s cybersecurity alert on Flame. A U.S. security consultant anxious to be seen as politically independent might be reluctant to do that. Jeffrey Carr, the author of "Inside Cyber Warfare," says the Kaspersky endorsement highlighted the connection between Russia and the I.T.U.

CARR: Kaspersky has been associated with Russian initiatives for years, and so it's not at all unusual coming from Russia. I don't know that we've ever seen such an endorsement here in the West.

GJELTEN: A congressional hearing this week focused on the I.T.U. and its ties to the Russian and Chinese governments. A senior State Department official and a member of the Federal Communications Commission both expressed alarm over those associations. Lots to fuel suspicions, but the I.T.U.'s Marco Obiso scoffs at the suggestion of any geopolitical significance to the I.T.U.'s new cybersecurity role.

OBISO: We are not interested in geopolitics. The fact that Kaspersky was there has nothing to do with it's a Russian company or an English company or an American company.

GJELTEN: Perhaps. But there is one other point: The leadership of the I.T.U. wants a so-called peace treaty for cyberspace, under which some computer weapons would be outlawed. Russia has been the I.T.U.'s leading advocate in that regard. The United States would be directly affected. Tom Gjelten, NPR News, Washington. Transcript provided by NPR, Copyright NPR.